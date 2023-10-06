The cost of hacking smartphones through WhatsApp is on the rise as advancements in security mechanisms and mitigations within the platform make it increasingly challenging for hackers. Zero-day exploits, which take advantage of undisclosed software flaws, have become highly sought after in this clandestine world. According to a report TechCrunch, the value of hacking techniques for WhatsApp, particularly zero-day hacks, has reached millions of dollars.

Russian private and government organizations, along with the global market for exploits, have contributed to the surge in prices. WhatsApp, being a widely used platform with a large user base, has attracted significant attention from government hackers who employ zero-day exploits.

One particularly potent weapon in a hacker’s arsenal is zero-click remote code execution (RCE) exploits. These exploits do not require any interaction from the target, making them stealthier and harder to detect. In 2021, leaked documents revealed the sale of a zero-click RCE exploit for WhatsApp on Android, priced at approximately $1.7 million.

Tech companies, like Meta (the parent company of WhatsApp), are concerned about the rising costs of cybersecurity. To protect users and maintain trust, these companies must make major investments in security research, vulnerability patching, and threat detection. Apple, for example, has introduced features like Lockdown Mode to protect users who fear surveillance.

Government hackers often combine multiple exploits in a chain to achieve comprehensive objectives, with WhatsApp serving as a stepping stone to broader device compromise. The increasing cost of WhatsApp exploits can be attributed to various factors, including frequent security updates on both iOS and Android that enhance device protection. The ongoing invasion of Ukraine Russia has also driven up the prices for exploits.

Sources: TechCrunch

Definitions: Zero-day exploits – exploits that take advantage of undisclosed software flaws; Zero-click remote code execution (RCE) exploits – exploits that do not require any interaction from the target.